URL Handler Argument Injection Vulnerability in Lotus Notes

DESCRIPTION
A vulnerability in the Lotus Notes client can let an attacker execute malicious
arbitrary code on the vulnerable system. Because of insufficient character
filtering on the argument passed to notes.exe from the "notes:" Uniform
Resource Identifier (URI) request, an attacker can to force a user to start
Lotus Notes with a custom notes.ini file that's under the attacker's control
and that specifies a custom data directory also under the attacker's control.
The attacker can create a malicious DLL containing arbitrary code that's loaded
and executed when notes.exe starts. The Notes URL handler fails to properly
filter input when a Web browser activates the Notes client by clicking a Notes
URL.